Critical Alert 2 Active Exploits Detected Today

CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability →
CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2025-49706NVD

Vulnerability Summary

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Severity Level
MEDIUM(6.5)
Published Date
Jul 8, 2025
Last Modified
Jul 30, 2025
Exploitation Status
ACTIVE
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityNone